Merge branch 'opatch-73' into 'main'

ddsharpe · ddsharpe · commit a86e9c0fb977 · 2024-06-24T18:39:00.000Z
Changed file permissions to allow OPatch lsinventory to run in an OpenShift container

See merge request weblogic-cloud/weblogic-image-tool!475
diff --git a/imagetool/src/main/java/com/oracle/weblogic/imagetool/cli/menu/CommonOptions.java b/imagetool/src/main/java/com/oracle/weblogic/imagetool/cli/menu/CommonOptions.java
@@ -186,7 +186,7 @@ void initializeOptions() throws InvalidCredentialException, IOException, Invalid
         }
 
         if (kubernetesTarget == KubernetesTarget.OPENSHIFT) {
-            dockerfileOptions.setDomainGroupAsUser(true);
+            dockerfileOptions.useOwnerPermsForGroup(true);
             // if the user did not set the OS user:group, make the default oracle:root, instead of oracle:oracle
             if (!isChownSet()) {
                 dockerfileOptions.setGroupId("root");
diff --git a/imagetool/src/main/java/com/oracle/weblogic/imagetool/util/DockerfileOptions.java b/imagetool/src/main/java/com/oracle/weblogic/imagetool/util/DockerfileOptions.java
@@ -1,4 +1,4 @@
-// Copyright (c) 2019, 2021, Oracle and/or its affiliates.
+// Copyright (c) 2019, 2024, Oracle and/or its affiliates.
 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 package com.oracle.weblogic.imagetool.util;
@@ -70,7 +70,7 @@ public class DockerfileOptions {
     private PackageManagerType pkgMgr;
     private List<String> patchFilenames;
     private MiddlewareInstall mwInstallers;
-    private boolean domainGroupAsUser;
+    private boolean useOwnerPermsForGroup;
     private boolean usingBusybox;
     private List<String> buildArgs;
 
@@ -102,7 +102,7 @@ public DockerfileOptions(String buildId) {
         updateOpatch = false;
         skipJavaInstall = false;
         skipMiddlewareInstall = false;
-        domainGroupAsUser = false;
+        useOwnerPermsForGroup = false;
         usingBusybox = false;
         buildArgs = new ArrayList<>();
 
@@ -1087,14 +1087,26 @@ public DockerfileOptions setWdtBase(String value) {
         return this;
     }
 
-    public DockerfileOptions setDomainGroupAsUser(boolean value) {
-        domainGroupAsUser = value;
+    /**
+     * Let the Dockerfile know that additional write permissions are required.
+     * When running in OpenShift, 755 permissions is inadequate for some tools
+     * and write permissions must be enabled.  For example, OPatch will fail
+     * with code 73 if it does not have write permissions to the cfgtoollogs folder.
+     * @param value true if additional group write permissions are required.
+     * @return this
+     */
+    public DockerfileOptions useOwnerPermsForGroup(boolean value) {
+        useOwnerPermsForGroup = value;
         return this;
     }
 
+    /**
+     * Returns true if additional write permissions should be used for the OS group.
+     * @return true if group should equal owner permissions for some files/dirs.
+     */
     @SuppressWarnings("unused")
-    public boolean domainGroupAsUser() {
-        return domainGroupAsUser;
+    public boolean useOwnerPermsForGroup() {
+        return useOwnerPermsForGroup;
     }
 
     /**
diff --git a/imagetool/src/main/resources/docker-files/Rebase_Image.mustache b/imagetool/src/main/resources/docker-files/Rebase_Image.mustache
@@ -1,4 +1,4 @@
-# Copyright (c) 2019, 2021, Oracle and/or its affiliates.
+# Copyright (c) 2019, 2024, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 
@@ -79,9 +79,9 @@ RUN mkdir -p {{domain_home}}
     {{/isWdtModelHomeOutsideWdtHome}}
 {{/modelOnly}}
 
-{{#domainGroupAsUser}}
+{{#useOwnerPermsForGroup}}
     RUN chmod -R g=u {{{domain_home}}}
-{{/domainGroupAsUser}}
+{{/useOwnerPermsForGroup}}
 
 WORKDIR {{{work_dir}}}
 
diff --git a/imagetool/src/main/resources/docker-files/final-wdt-copy.mustache b/imagetool/src/main/resources/docker-files/final-wdt-copy.mustache
@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2024, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # Copy WDT files or domain into the final image
@@ -10,13 +10,13 @@
     {{#isWdtModelHomeOutsideWdtHome}}
         COPY --from=wdt_build --chown={{userid}}:{{groupid}} {{wdt_model_home}} {{wdt_model_home}}/
     {{/isWdtModelHomeOutsideWdtHome}}
-    {{#domainGroupAsUser}}
+    {{#useOwnerPermsForGroup}}
         RUN chmod -R g=u {{{domain_parent}}} {{{wdt_home}}} {{{wdt_model_home}}}
-    {{/domainGroupAsUser}}
+    {{/useOwnerPermsForGroup}}
 {{/modelOnly}}
 {{^modelOnly}}
     COPY --from=wdt_build --chown={{userid}}:{{groupid}} {{{domain_home}}} {{{domain_home}}}/
-    {{#domainGroupAsUser}}
+    {{#useOwnerPermsForGroup}}
         RUN chmod -R g=u {{{domain_home}}}
-    {{/domainGroupAsUser}}
+    {{/useOwnerPermsForGroup}}
 {{/modelOnly}}
diff --git a/imagetool/src/main/resources/docker-files/install-middleware.mustache b/imagetool/src/main/resources/docker-files/install-middleware.mustache
@@ -57,6 +57,13 @@ RUN echo "INSTALLING MIDDLEWARE" \
   && chmod -R g+r {{{oracle_home}}} \
   || (grep -vh "NOTIFICATION" /tmp/OraInstall*/install*.log && exit 1)
 
+{{#useOwnerPermsForGroup}}
+  # OPatch needs write permissions to the logs folder and lock file when running in OpenShift
+  RUN mkdir ${ORACLE_HOME}/cfgtoollogs \
+   && chmod g=u ${ORACLE_HOME}/cfgtoollogs \
+   && chmod g=u ${ORACLE_HOME}/inventory/locks/oh.lock
+{{/useOwnerPermsForGroup}}
+
 {{> fmw-patching}}
 
 {{#afterFmwInstall}}
diff --git a/imagetool/src/main/resources/docker-files/run-wdt.mustache b/imagetool/src/main/resources/docker-files/run-wdt.mustache
@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2024, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # Create WLS domain (or model)
@@ -61,18 +61,18 @@ RUN test -d {{{wdt_home}}}/weblogic-deploy && rm -rf {{{wdt_home}}}/weblogic-dep
         -run_rcu \
     {{/runRcu}}
     {{{wdtVariableFileArgument}}} {{{wdtModelFileArgument}}} {{{wdtArchiveFileArgument}}}
-    {{#domainGroupAsUser}}
+    {{#useOwnerPermsForGroup}}
         RUN chmod -R g=u {{{domain_home}}}
-    {{/domainGroupAsUser}}
+    {{/useOwnerPermsForGroup}}
 {{/modelOnly}}
 {{#isWdtValidateEnabled}}
     RUN cd {{{wdt_home}}}/weblogic-deploy/bin \
     && rm ./*.cmd \
-    {{#domainGroupAsUser}}
+    {{#useOwnerPermsForGroup}}
         && chmod -R g=u {{{wdt_home}}}/weblogic-deploy/lib \
         && mkdir {{{wdt_home}}}/weblogic-deploy/logs \
         && chmod g=u {{{wdt_home}}}/weblogic-deploy/logs \
-    {{/domainGroupAsUser}}
+    {{/useOwnerPermsForGroup}}
     && ./validateModel.sh {{^strictValidation}}-method lax{{/strictValidation}} \
     -oracle_home {{{oracle_home}}} \
     -domain_type {{domainType}} \

Original file line number	Diff line number	Diff line change
`@@ -186,7 +186,7 @@ void initializeOptions() throws InvalidCredentialException, IOException, Invalid`
`186`	`186`	`}`
`187`	`187`
`188`	`188`	`if (kubernetesTarget == KubernetesTarget.OPENSHIFT) {`
`189`		`- dockerfileOptions.setDomainGroupAsUser(true);`
	`189`	`+ dockerfileOptions.useOwnerPermsForGroup(true);`
`190`	`190`	`// if the user did not set the OS user:group, make the default oracle:root, instead of oracle:oracle`
`191`	`191`	`if (!isChownSet()) {`
`192`	`192`	`dockerfileOptions.setGroupId("root");`